1. Technical Field
The present invention relates to an improved data processing system and, in particular, to a method and system for secure communication on a computer network.
2. Description of Related Art
As electronic commerce becomes more prevalent, business relationships between vendors and between a vendor and its customers become more valuable. Businesses are more willing to protect those relationships by spending more money on information technology that protects the integrity of their electronic commerce connections. In so doing, businesses protect not only their data and cash flow but also intangibles, such as reputations and good will. In addition, the complexity of information technology, the pressure of global competition, and the demands of universal access and around-the-clock availability of electronic systems greatly increase the need to minimize disruptions in electronic commerce operations. Increasingly complex distributed data processing systems face increasing reliability demands. Corporations are using new methods of communicating to meet expanding and disparate needs. Traveling employees require access to company databases. Some companies employ extranets, and other companies may require constant communication paths with strategic partners. All of these factors contribute to a corporation's growing reliance on, and vulnerability to, complex communication infrastructures.
A corporation's information technology infrastructure may fail at various pressure points, such as telecommunication links, servers, networks, etc. Although hardware reliability may be a major concern, cost may also be a concern, and corporations have attempted to contain costs by using the open, distributed infrastructure of the Internet to transmit data between corporate sites. Dedicated leased lines may be prohibitively expensive for some companies, and other companies may require more flexibility than is provided by owning a complete communication channel. However, this openness also introduces another major concern to corporations: vulnerability. Corporations must protect against both physical vulnerability, such as hardware failures, and logical vulnerability, such as electronic espionage.
Virtual private networks (VPNs) using the Internet have the potential to solve many of these enterprise-wide, communication-related problems. VPNs allow corporate administrators to connect remote branch offices to a main corporate network economically and relatively securely. Rather than depend on dedicated leased lines, an Internet-based VPN uses the open infrastructure of the Internet. Because the Internet is a public network with open transmission of data, Internet-based VPNs include measures for encrypting data passed between network sites or other measures that may be taken to protect data against eavesdropping and tampering by unauthorized parties.
VPNs are not completely secure. A security risk is associated with any VPN that relies on an encryption algorithm. VPN tunnel data is encrypted before transmission on the Internet, and only the tunnel endpoints know the secret key used to encrypt and decrypt the transmitted data. Over time, a snoop may collect encrypted data captured from a VPN tunnel. Given enough time and computational resources, a snoop may break the encryption and discover the secret keys used by the tunnel endpoints. At that point, a snoop would have both access to openly transmitted data and the ability to decrypt the valuable information within the captured data.
If a VPN tunnel is established for the transfer of secure data, and the integrity of the tunnel becomes suspect, the only recourse is to shut down the virtual private network. A new VPN tunnel must then be reestablished by changing one or more of the following items: encryption algorithm, Internet Protocol (IP) addresses, and secret keys. Generally, this reconfiguration is a manual process that must be agreed upon and acted upon by network or system administrators.
Therefore, it would be advantageous to provide a method and system for more secure network communication, and in particular, to provide secure communication over an open network infrastructure using a more secure form of VPN tunnels.
A method and system for an algorithm-based network snoop avoider is provided. A first data processing system and a second data processing system communicate on a physical network by transmitting data packets on the network using a virtual private network (VPN). Data packets are transmitted through a first VPN tunnel between the first data processing system with a first network address terminating a first end of the VPN tunnel and the second data processing system with a second network address terminating a second end of the first VPN tunnel. The VPN is automatically reconfigured to use alternate addresses on the network for the tunnel endpoints by automatically determining, in accordance with a predetermined algorithm, a third network address and a fourth network address and by automatically assigning the third network address to the first data processing system and the fourth network address to the second data processing system. Data packets may then be transmitted through a second VPN tunnel in which a first end of the second VPN tunnel is terminated by the first data processing system using the third network address and a second end of the second VPN tunnel is terminated by the second data processing system using the fourth network address. The data packets may be transmitted using Internet Protocol (IP), and a portion of the network may include the Internet.
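The reconfiguration described above, as an added illustration that is not part of the patent text: both endpoints independently derive the third and fourth network addresses from a shared schedule key and a tunnel epoch counter, so the new endpoints never have to be negotiated over the tunnel whose integrity is in doubt. The address pools, the use of HMAC-SHA256 as the "predetermined algorithm", and the `Endpoint`/`simulate` names are all assumptions of this example; the patent specifies only that an algorithm determines the alternate addresses.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample address pools (an assumption): each data processing system
# may terminate a tunnel on any address in its own block.
FIRST_POOL = ipaddress.ip_network("192.0.2.0/28")      # first data processing system
SECOND_POOL = ipaddress.ip_network("198.51.100.0/28")  # second data processing system


def derive_addresses(schedule_key: bytes, epoch: int, pool_a, pool_b):
    """Map (schedule key, epoch) to one address from each pool.

    HMAC-SHA256 over the epoch number stands in for the predetermined
    algorithm. The schedule key is kept separate from the tunnel's traffic key,
    so a snoop who eventually recovers the traffic key does not learn where the
    next tunnel will be established.
    """
    tag = hmac.new(schedule_key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    hosts_a = list(pool_a.hosts())
    hosts_b = list(pool_b.hosts())
    idx_a = int.from_bytes(tag[:4], "big") % len(hosts_a)
    idx_b = int.from_bytes(tag[4:8], "big") % len(hosts_b)
    return hosts_a[idx_a], hosts_b[idx_b]


class Endpoint:
    """One tunnel endpoint: side 0 is the first system, side 1 the second."""

    def __init__(self, side: int, schedule_key: bytes):
        self.side = side
        self.key = schedule_key
        self.epoch = 0
        pair = derive_addresses(self.key, self.epoch, FIRST_POOL, SECOND_POOL)
        self.local, self.peer = pair[side], pair[1 - side]

    def current_tunnel(self):
        """Return (first-end address, second-end address) of the live tunnel."""
        return (self.local, self.peer) if self.side == 0 else (self.peer, self.local)

    def reconfigure(self):
        """Move to the next tunnel (the third and fourth addresses of the text).

        Any epoch that would reuse either current address is skipped so the
        tunnel really changes; both sides run the same deterministic loop and
        therefore stay in step without exchanging the new addresses.
        """
        old = self.current_tunnel()
        while True:
            self.epoch += 1
            new = derive_addresses(self.key, self.epoch, FIRST_POOL, SECOND_POOL)
            if new[0] != old[0] and new[1] != old[1]:
                break
        self.local, self.peer = new[self.side], new[1 - self.side]
        return self.current_tunnel()


def simulate(schedule_key: bytes = b"constructed-schedule-key", rounds: int = 3):
    """Run both endpoints through `rounds` reconfigurations and return the history.

    Each entry is (epoch, first-end address, second-end address), recorded only
    after confirming that the second system computed exactly the same pair.
    """
    a, b = Endpoint(0, schedule_key), Endpoint(1, schedule_key)
    history = [(a.epoch, *a.current_tunnel())]
    for _ in range(rounds):
        tunnel_a, tunnel_b = a.reconfigure(), b.reconfigure()
        if tunnel_a != tunnel_b or a.epoch != b.epoch:
            raise RuntimeError("endpoints diverged")  # desync: do not bring the tunnel up
        history.append((a.epoch, *tunnel_a))
    return history


if __name__ == "__main__":
    for epoch, first, second in simulate():
        print(f"epoch {epoch}: {first} <-> {second}")
```

In practice the epoch would be advanced on a timer or on a signal that the tunnel is suspect, and a real deployment would also need the routing and firewall changes that make the new addresses reachable; the point shown here is only that the two ends can agree on fresh endpoints without ever sending them across the network.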